diff --git a/handlers/update_ca_trust.yml b/handlers/update_ca_trust.yml
new file mode 100644
index 0000000000..e24c66ae2f
--- /dev/null
+++ b/handlers/update_ca_trust.yml
@@ -0,0 +1,6 @@
+########################################
+# Handlers for updating ca trust
+#
+
+- name: update ca trust
+  shell: "update-ca-trust"
diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml
index e4b9b5d574..283ed6b768 100644
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@@ -14,6 +14,7 @@
 
   pre_tasks:
   - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/osbs_certs.yml"
 
   roles:
   - base
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index 65c08027b7..a1b79443aa 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -17,6 +17,7 @@
 
   pre_tasks:
   - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/osbs_certs.yml"
 
   roles:
   - base
diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml
index ec3c2e95b5..1e63733286 100644
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@@ -16,6 +16,9 @@
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
+  pre_tasks:
+    - include: "{{ tasks }}/osbs_certs.yml"
+
   roles:
   - base
   - rkhunter
diff --git a/tasks/osbs_certs.yml b/tasks/osbs_certs.yml
new file mode 100644
index 0000000000..e7c8f734fd
--- /dev/null
+++ b/tasks/osbs_certs.yml
@@ -0,0 +1,11 @@
+---
+
+- include: "{{ handlers }}/update_ca_trust.yml"
+
+- name: put the osbs certs in place
+  copy:
+    src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt"
+    dest: "/etc/pki/ca-trust/source/anchors/osbs-dev.fedorainfracloud.org.crt"
+  when: env == "staging"
+  handlers:
+    - update ca trust